Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution.

The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by developers... READ MORE›

One of the sad truths about security is that it has typically been viewed by enterprise C-level executives as akin to an insurance policy – necessary, but would never produce profits, boost revenue, or attract new customers. But are those long-held perceptions changing?
A recent CA study found that they might be. The study found that companies that prioritized security efforts in app development... READ MORE›

Training developers on application security is critical to the success of every security program, but many companies deploy training improperly or insufficiently, argues Maria Loughlin, VP of Engineering at Veracode. Companies can increase the bang for their training buck by matching their training delivery and curriculum to the needs of their organization.
Consider the channel
A successful... READ MORE›

It’s taken quite some time to get here, but enterprise IT execs are finally embracing DevSecOps. The latest indicator that it’s happening is the 2018 Gartner Magic Quadrant for Application Security Testing, which predicted in March that “by 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing (AST) for custom code, an increase from fewer than 10... READ MORE›

Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?”
The point of this is to make business people better... READ MORE›

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening.
Let's start with election... READ MORE›

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery.
But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider... READ MORE›

With the New Year unfolding, 'tis the season to be reminded that app security has not yet arrived at the optimal state. Consider this piece from Kaspersky's Threatpost pointing out how re-used third-party libraries perpetuate security holes long after they have been discovered.
For 2017, the industry needs a change in approach. AppSec is certainly getting better, but enterprise security... READ MORE›

When it is treated as an afterthought, security can never work. When enterprises purchase and write thousands of applications without any formal app security mechanism, they are opening themselves up to breaches. What recent reports show is that there is a real disconnect between the spend on applications and the investment in protecting them.
Gartner is projecting that U.S. enterprises... READ MORE›

In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with... READ MORE›

Get all the latest news, tips and articles delivered right to your inbox.

Cookie Use

We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site [without first changing your browser setting], you consent to our use of cookies. For more information see our cookies policy.

Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.